1. Field of the Invention
An aspect of the present invention relates to a method and a system for authenticating a pay-per-use service using an extensible authentication protocol (EAP), and more particularly, to a method and a system for authenticating a pay-per-use service using an EAP that is provided for a service non-subscriber who uses a credit card or other payment method.
2. Description of the Related Art
In order to authenticate access attempts to diverse services that include local and remote network access services, an extensible authentication protocol (EAP) provides a general frame work.
Here, EAP is an authentication system characterized by a point-to-point protocol (PPP) and designed to achieve an easy extension. In a link setting process through PPP connection between a network access server (NAS) and a terminal, a problem occurs in that the NAS should prescribe a region for indicating types of an authentication protocol in a link control protocol (LCP) whenever an authentication server connected to the NAS itself uses the authentication protocol.
In order to solve this problem, types of the authentication protocol, such as a transport layer security (TLS), one-time password (OTP), token card, and others, are indicated in an EAP header, and thus the NAS can easily perform the extension only through the EAP irrespective of the authentication system. Through the EAP, the use of a smart card, a Kerberos, a public key, an OTP password, and a TLS becomes possible.
The architecture that uses the EAP minimizes direct participation of a client through an auto login and so on. That is, in case of requesting a service, a client name/password acquired from a service provider or an authentication certificate is used.
However, the conventional EAP-based auto login requires a client to join a proper service provider directly or indirectly. Accordingly, only a pre-pay or fixed pay system can be adopted on the assumption that the client joins the service provider.
In specified services such as wireless Internet platform for interoperability (WiFi) hotspot and so on, the login based on a credit card is permitted in a custom subscription or a pay-per-use cost. However, these services are performed on an ad-hoc basis, or require a direct participation of a client that is time consuming. Further, the client should provide information on his/her credit card to a third party at the risk of information leakage.
Typically, in a ubiquitous network environment where a client frequently requires services which the client is not subscribed to, extension to the ubiquitous computing technology is limited since the client cannot belong to all possible services in advance.
In the case where a client has a valid credit card account, a new EAP method, which enables the client to access a specified service, requires a continuous access to the corresponding service even if the client is not a subscriber of the corresponding service.